Correct previous commit

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6536 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-13 18:56:27 +00:00
parent 6110ef3aa7
commit c9593ebf2f
2 changed files with 31 additions and 13 deletions

View File

@ -1379,6 +1379,8 @@ sub get_interface_nets ( $ ) {
# #
# This function provides a uniform way to generate rules (something the original Shorewall sorely needed). # This function provides a uniform way to generate rules (something the original Shorewall sorely needed).
# #
# Returns the destination interface specified in the rule, if any.
#
sub expand_rule( $$$$$$$$$$ ) sub expand_rule( $$$$$$$$$$ )
{ {
my ($chainref , # Chain my ($chainref , # Chain
@ -1526,6 +1528,8 @@ sub expand_rule( $$$$$$$$$$ )
$rule .= match_dest_dev( $diface ); $rule .= match_dest_dev( $diface );
} }
} else {
$diface = '';
} }
if ( $origdest ) { if ( $origdest ) {
@ -1725,6 +1729,8 @@ sub expand_rule( $$$$$$$$$$ )
$chainref->{loopcount}--; $chainref->{loopcount}--;
add_command $chainref, 'done'; add_command $chainref, 'done';
} }
$diface;
} }
# #

View File

@ -121,6 +121,8 @@ our @tccmd = ( { match => sub ( $ ) { $_[0] eq 'SAVE' } ,
our %classids; our %classids;
our @deferred_rules;
sub process_tc_rule( $$$$$$$$$$ ) { sub process_tc_rule( $$$$$$$$$$ ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_; my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
@ -135,6 +137,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
my $tcsref; my $tcsref;
my $connmark = 0; my $connmark = 0;
my $classid = 0; my $classid = 0;
my $device;
if ( $source ) { if ( $source ) {
if ( $source eq $firewall_zone ) { if ( $source eq $firewall_zone ) {
@ -161,7 +164,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/; fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/;
if ( $config{TC_ENABLED} eq 'Internal' ) { if ( $config{TC_ENABLED} eq 'Internal' ) {
fatal_error "Unknown Class ($original_mark)}" unless $classids{$original_mark}; fatal_error "Unknown Class ($original_mark)}" unless ( $device = $classids{$original_mark} );
} }
$chain = 'tcpost'; $chain = 'tcpost';
@ -218,17 +221,22 @@ sub process_tc_rule( $$$$$$$$$$ ) {
} }
} }
expand_rule if ( my $result = expand_rule(
ensure_chain( 'mangle' , $chain ) , ensure_chain( 'mangle' , $chain ) ,
NO_RESTRICT , NO_RESTRICT ,
do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) . do_tos( $tos ) , do_proto( $proto, $ports, $sports) . do_test( $testval, $mask ) . do_tos( $tos ) ,
$source , $source ,
$dest , $dest ,
'' , '' ,
"-j $target $mark" , "-j $target $mark" ,
'' , '' ,
'' , '' ,
''; '' ) ) {
#
# expand_rule() returns destination device if any
#
fatal_error "Class Id $original_mark is not associated with device $result" if $classid && $device ne $result;
}
progress_message " TC Rule \"$line\" $done"; progress_message " TC Rule \"$line\" $done";
@ -490,7 +498,7 @@ sub setup_traffic_shaping() {
# add filters # add filters
# #
if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) { if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
add_rule ensure_chain( 'mangle' , 'tcpost' ), " -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid"; push @deferred_rules, " -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
} else { } else {
emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid"; emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
} }
@ -587,6 +595,10 @@ sub setup_tc() {
$comment = ''; $comment = '';
} }
for ( @deferred_rules ) {
add_rule ensure_chain( 'mangle' , 'tcpost' ), $_;
}
} }
1; 1;